http-extensions
HTTP Extensions in progress
Is it better to have a separate document defining sf-date rather than have it hide in this one?
```
.../http-extensions/draft-ietf-httpbis-digest-headers.xml(1631): Warning: Too long line found (L1334), 2 characters longer than 72 characters: Repr-Digest: sha-256=:X48E9qOokqqrvdts8nOJRJN3OWDUoyWxBf7kbu9DBPE=:\r\n
```
Looks like another place to use line wrapping.
What should the requirements for cache be in signatures? See some context: _Originally posted by @jricher in https://github.com/httpwg/http-extensions/pull/2105#discussion_r882977703_
We noticed a difference between Firefox & Chrome’s behavior for same-site cookies. Specifically, if a web page is requesting a resource whose final redirect target is same-site with the web...
[This came up at the IETF-113 session, credit to Jonathan Hoyland] A signature context mitigates oracle attacks, where a sender can be made to sign data that’s partly controlled by...
> The semantics of the QUERY method change to a "conditional QUERY" if the request message includes an If-Modified-Since, If-Unmodified-Since, If-Match, If-None-Match, or If-Range header field ([RFCHTTP], Section 13)....
The Introduction has examples of how to do things without QUERY, but no examples of QUERY itself. Having one would help readers understand the method more easily.
HTTP now recommends minimum sizes for URLs, etc. so perhaps we can guide decisions about when to use QUERY a little more directly, by mentioning that and referring to core...
The draft focuses on the conventional interactions for client-sent requests and server-sent responses. But there seems to be no consideration about server push. I'm not strongly advocating that signatures should...
Define a signature algorithm named `ecdsa-p384-sha384` that indicates the use of ECDSA using curve P-384 DSS and SHA-384. The algorithm description is probably just 3.3.4 with "256" replaced with "384",...